Showing results for tags 'server-side'.
-
Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability.
Tagged with: moodle, filepicker (and 4 more)
-
Exploits TestLink 1.9.19 Server-Side Request Forgery
1337day-Exploits posted a topic in Updated Exploits
TestLink versions 1.9.19 and below suffer from a server-side request forgery vulnerability.
-
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.
Tagged with: sugarcrm, connectorscontroller (and 3 more)
-
Using a web browser or script, server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scans or connections actually came from and/or bypass the FW, etc. This can be automated via a script or using a web browser.